IAM Project Manager

Description

About us :

We are looking for an IAM Project Manager with solid experience in Entra ID, SailPoint, SAP Security, and SOX regulation, responsible for leading global international identity management projects, recertifications, look‑back review campaigns, role governance, and segregation of duties. The role requires strong project management skills, deep technical‑functional knowledge, ability to interact with audit and business teams, and rigor in control documentation.

• Plan, execute, and control global IAM projects: roadmap, scope, deliverables, risks, and budget.
• Lead new implementations and enhancements in the corporate identity and access management platform and connectors with critical applications.
• Coordinate internal teams, external vendors, integrators, and functional stakeholders.
• Define and implement IAM standards and best practices at a corporate level.

• Identity governance: roles, policies, SoD, certifications, and lifecycle.
• Definition and configuration of access recertification campaigns.
• Design and execution of SOX-compliant look‑back reviews.
• Connector integration: AD, Entra ID, SAP, databases, proprietary systems.
• Access risk assessment and enterprise role modeling.

• Governance of hybrid identities (AD + Entra ID).
• Automated provisioning and de‑provisioning workflows.
• Control of privileged identities and service accounts.

• Management of SAP roles, profiles, and authorizations (ECC, S / 4HANA, or hybrid).
• Functional design of connectors between SailPoint / Entra ID and SAP GRC / BASIS.
• Automation of user onboarding / offboarding, role changes, and hand‑over processes.
• Control of critical access and Segregation of Duties (SoD) analysis.

• Integrations with ticketing tools such as ServiceNow and / or Jira.

• Design, document, and execute SOX controls related to IAM.
• Coordinate internal and external audits: evidence, traceability, and remediation.
• Manage periodic access recertification processes for SOX‑in‑scope applications.
• Perform look‑back reviews for access changes, administrators, role changes, and privileged accounts.
• Ensure segregation of duties in ERP and critical systems.

• Standardize global processes for user onboarding, offboarding, and modifications.
• Manage exceptions and special approvals (break‑glass, temporary access).
• Ensure identity data quality: duplicates, orphan accounts, service accounts.
• Monitor IAM KPIs: provisioning times, campaign compliance, incidents, role quality.
• Participate in architecture forums, change boards, and CAB to validate integrations or access.

• Degree in Engineering, Computer Science, Telecommunications, or similar.
• Valuable certifications: Azure / Entra ID, SailPoint, CISM, CISA, Security+, ITIL, SAP Security / GRC.
• English: at least C1 level.

• 5–8 years in IAM project management in large companies.
• Solid experience with SailPoint (ISC or IIQ) and Entra ID.
• Experience in SAP integrations, role governance, and SoD.
• Participation in SOX audits, recertifications, and control processes.

• IAM: identity lifecycle, roles, policies, least privilege, RBAC / ABAC.
• Protocols: SAML, OAuth2, OpenID Connect, SCIM.
• AD / Entra ID: groups, roles, conditional access, PIM.
• SailPoint: connectors, workflows, certifications, policies.
• SAP: roles, SUIM, AGS, GRC Access Control, SoD.
• Deep knowledge of SOX ITGC controls and evidence.

• Leadership and ability to interact with business, IT, HR, audit, and vendors.
• Management of complex projects (agile and traditional).
• Clear, compliance‑oriented communication.
• Analytical and problem‑solving skills.
• Excellence in documentation and reporting.

Seize the challenge. Move the world together! Innovative, creative, respectful, and diverse are some of the ways we describe ourselves. We are motivated by challenges, and we collaborate across our business units to move the world together. Your journey to a fulfilling career starts here!

Ferrovial is an equal opportunity employer. We treat all jobs applications equally, regardless of gender, color, race, ethnicity, religion, national origin, age, disability, pregnancy, sexual orientation, gender identity and expression, covered veteran status or protected genetic information (each, a “Protected Class”), or any other protected class in accordance with applicable laws.

#WeAreFerrovial